3.0.2 • Published 11 months ago
@otterhttp/rate-limit v3.0.2
@otterhttp/rate-limit
Basic rate-limiting middleware for tinyhttp. Used to limit repeated requests to public APIs and/or endpoints such as password reset.
Install
pnpm i @otterhttp/rate-limitUsage
import { App } from '@otterhttp/app'
import { rateLimit } from '@otterhttp/rate-limit'
new App().get('limited-route', rateLimit({ max: 10, windowMs: 60 * 1000 /* 1 minute */ }), (_, res) =>
res.send('Limited route')
)Options
| Name | Type | Default | Description |
|---|---|---|---|
| windowMs | number | 5000 | Timeframe for which requests are checked/remembered. |
| max | number | ((req: Request, res: Response) => Promise) | 5 | Max number of connections during windowMs before sending a 429 response. |
| message | string | Too many requests, please try again later. | Error message sent to user when max is exceeded. |
| statusCode | number | 429 | HTTP status code returned when max is exceeded. |
| skipFailedRequests | boolean | false | When set to true, failed requests won't be counted. |
| skipSuccessfulRequests | boolean | false | When set to true successful requests (response status < 400) won't be counted. |
| keyGenerator | (req: Request, res: Response) => string | (req) => req.ip | Function used to generate keys. |
| shouldSkip | (req: Request, res: Response) => boolean | () => false | Determine per request if it should be skipped by the middleware |
| onLimitReached | onLimitReached: (req: Request, res: Response) => void | () => {} | Function that is called the first time a user hits the rate limit within a given window. |
| store | Store | MemoryStore | By default a MemoryStore is used. Rate Limit Redis, Rate Limit Memcached and Rate Limit Mongo can be used too. |